<?php
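	session_start();
	// Access control: only a logged-in user whose session role is exactly "TUT"
	// (tutor) may use this page; everyone else is sent to index.php.
	// empty()/isset() avoid undefined-index notices for visitors with no session,
	// and the strict !== stops a non-string role value (e.g. integer 0 or true,
	// which compare loosely equal to "TUT" on older PHP) from passing the check.
	if (empty($_SESSION["username"]) || !isset($_SESSION["role"]) || $_SESSION["role"] !== "TUT") {
		header("location:index.php");
		// header() only queues the redirect. Without exit the rest of this script,
		// including the POST handler that inserts users and the student listing,
		// would still execute for a visitor who is not a tutor.
		exit;
	}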

	// Connect to the server and select the database.
	// NOTE(review): the connection uses the MySQL "root" account with an empty
	// password, so any injection flaw in this application runs with full server
	// privileges. A dedicated account limited to this schema, with credentials
	// kept outside the web root, would contain the damage.
	// NOTE(review): the mysql_* extension was removed in PHP 7; this file only
	// runs on PHP 5.x and should move to mysqli or PDO with prepared statements.
	if (!mysql_connect("localhost", "root", "")) {
		die("cannot connect");
	}
	if (!mysql_select_db("Project 5.5")) {
		die("cannot select DB");
	}
	
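	/**
	 * Acts on the "message" query parameter.
	 *
	 * "delete" forwards to delete.php, "import" hands over to uploadFile(),
	 * "export" shows a banner and schedules a refresh to studentexport.php, and
	 * "success", "edit", "add" and "remove" only show a confirmation banner.
	 * Any other value, or a non-string value, produces no output.
	 *
	 * This function is called from inside the page body further down, after
	 * markup has already been emitted, so its header() calls only take effect
	 * when output buffering is active.
	 */
	function message(){
		if (!isset($_GET['message']) || !is_string($_GET['message'])) {
			return;
		}

		// Banner text per message value; the labels are fixed strings, never user input.
		$banners = array(
			"success" => "Data Imported",
			"export"  => "Data Exported",
			"edit"    => "Student Edited",
			"add"     => "Student Added",
			"remove"  => "Student Removed",
		);
		$message = $_GET['message'];

		switch ($message) {
			case "delete":
				// The file name comes straight from the query string. It is
				// URL-encoded so characters such as "&" or "#" cannot add or
				// override parameters (e.g. referrer) in the forwarded URL.
				// NOTE(review): delete.php is not visible here - confirm it
				// restricts the name to the intended directory and does not
				// delete on a plain GET without a CSRF check.
				$file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
				header("location:delete.php?file=".urlencode($file)."&referrer=students");
				break;
			case "import":
				uploadFile();
				break;
			default:
				if (isset($banners[$message])) {
					echo '<div id="error" style="display:block;background:#9F9;color:#777;"><a href="managestudents.php">'.$banners[$message].'</a></div>';
				}
				if ($message === "export") {
					// Banner first, then let the browser move on to the export script.
					header('refresh:1;url=studentexport.php');
				}
				break;
		}
	}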
	
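	// Adds a new student to the database when the "Add New Student" form is
	// posted to managestudents.php?message=add.
	//
	// This handler is only as protected as the session/role check at the top of
	// the file: that check must stop execution for anyone who is not a tutor.
	// NOTE(review): the form carries no CSRF token, so a page on another site
	// could submit it through a logged-in tutor's browser.
	// NOTE(review): the only field validation is the client-side validateForm()
	// call on the form; nothing here rejects empty or malformed values.
	if ($_SERVER['REQUEST_METHOD'] == 'POST'
		&& isset($_GET['message']) && $_GET['message'] === "add") {

		// Every posted value is escaped before it is placed inside a quoted SQL
		// literal; the original concatenated $_POST directly into the statement.
		// Missing or non-string fields are treated as empty strings.
		// NOTE(review): mysql_real_escape_string() depends on the connection
		// character set; prepared statements (mysqli/PDO) are the durable fix.
		$fields = array();
		foreach (array('firstname', 'lastname', 'username', 'password', 'email') as $name) {
			$value = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
			$fields[$name] = mysql_real_escape_string($value);
		}

		// NOTE(review): the password is stored exactly as submitted, unhashed.
		// Switching to password_hash()/password_verify() also requires changing
		// the login code, which is not part of this file.
		$sql = "INSERT INTO users (First_Name,Last_Name,Username,Password,Email,Role) VALUES ('"
			.$fields['firstname']."','".$fields['lastname']."','".$fields['username']."','"
			.$fields['password']."','".$fields['email']."','STU')";
		$added = false;

		if (mysql_query($sql)) {
			// Look up the id of the new account to create its studentinfo row.
			$sql = "SELECT User_ID FROM users WHERE Username='".$fields['username']."'";
			$lookup = mysql_query($sql);
			$row = $lookup ? mysql_fetch_row($lookup) : false;
			if ($row) {
				// Cast to int so only a number can reach the unquoted VALUES slot.
				$sql = "INSERT INTO studentinfo (User_ID) VALUES (".(int)$row[0].")";
				$added = (bool)mysql_query($sql);
			}
		}

		// Post/Redirect/Get: show the "Student Added" banner only when both
		// inserts succeeded, and stop so the page below is not rendered as well.
		header($added ? "location:managestudents.php?message=add" : "location:managestudents.php");
		exit;
	}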
	
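	/**
	 * Redirects to studentimport.php for the first regular file found in temp/.
	 *
	 * Despite its name this function does not receive the upload itself; it only
	 * looks at what is already in temp/ and passes that file name on. Nothing
	 * happens when temp/ is missing, unreadable or holds no regular file.
	 *
	 * NOTE(review): the file chosen is whichever entry readdir() returns first,
	 * regardless of who uploaded it or when. If temp/ is shared between tutors
	 * or left uncleaned, an import can pick up a file other than the one just
	 * uploaded - confirm how upload.php names and cleans up files.
	 */
	function uploadFile(){

		$dir = 'temp/';
		if (!is_dir($dir)) {
			return;
		}
		$dh = opendir($dir);
		if ($dh === false) {
			return;
		}

		$first = null;
		// Strict !== is required: an entry literally named "0" is falsy and
		// would end a loosely compared loop before the directory is exhausted.
		while (($file = readdir($dh)) !== false) {
			if (!is_dir($dir.$file)) {
				$first = $file;
				break;
			}
		}
		closedir($dh);

		if ($first !== null) {
			// Encode the name so characters such as "&", "#" or spaces in a file
			// name cannot alter the query string handed to studentimport.php.
			header("location:studentimport.php?file=".urlencode($first));
		}
	}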
	
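	/**
	 * Prints the student list as HTML table rows: a header row, then one row per
	 * user whose Role is "STU", with Edit / Remove / View Results links.
	 *
	 * Columns are read by position from SELECT *; the header row implies the
	 * order User_ID, first name, last name, username, password, email.
	 * NOTE(review): positional access breaks silently if the table layout
	 * changes - confirm the column order or select the columns by name.
	 *
	 * NOTE(review): the Password column is printed as stored. Combined with the
	 * unhashed storage this exposes every student's password to anyone who can
	 * view this page; consider dropping the column.
	 * NOTE(review): the Remove link is a plain GET; confirm removestudent.php
	 * does not delete without a CSRF-protected confirmation.
	 */
	function showStudents(){

		$sql='SELECT * FROM users WHERE Role = "STU"';
		$result=mysql_query($sql);

		echo '<tr style="background:#BBB;"><td>User ID</td><td>Name</td><td>Username</td><td>Password</td><td>Email</td><td></td><td></td><td></td></tr>';
		if (!$result) {
			// Query failed: show the header only rather than raising fetch warnings.
			return;
		}

		while ($row = mysql_fetch_row($result)){
			// Names, usernames and e-mail addresses are user-supplied (add form,
			// import), so every value is HTML-escaped before output to prevent
			// stored markup or script from running in the tutor's browser.
			// ISO-8859-1 matches the charset declared in this page's <meta> tag.
			$cell = array();
			for ($i = 0; $i <= 5; $i++) {
				$cell[$i] = htmlspecialchars((string)$row[$i], ENT_QUOTES, 'ISO-8859-1');
			}
			// urlencode() output is also safe inside the quoted href attribute.
			$id = urlencode((string)$row[0]);

			echo '<tr>';
			echo '<td>'.$cell[0].'</td>';
			echo '<td>'.$cell[1].' '.$cell[2].'</td>';
			echo '<td>'.$cell[3].'</td>';
			echo '<td>'.$cell[4].'</td>';
			echo '<td>'.$cell[5].'</td>';
			echo '<td><a href="editstudent.php?id='.$id.'">Edit</a></td>';
			echo '<td><a href="removestudent.php?id='.$id.'">Remove</a></td>';
			echo '<td><a href="results.php?userid='.$id.'">View Results</a></td>';
			echo '</tr>';
		}
	}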
	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<title>Student Management</title>		
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
		<link href="css/main.css" rel="stylesheet" type="text/css" />
		<script type="text/javascript" src="js/formsValidate.js"></script>
	</head>
	<body>
		<div id="topbar">
			<div id="qut_logo" />  
			<img src="../img/strapline.png" alt="Slogan" id="slogan"/>
		</div>
		<div id="menubar">
			<div id="breadcrumbs">
				<a href="index.php">Home</a> \ <a href="management.php">Management</a> \ <a href="managestudents.php">Students</a>
			</div>
			<div id="logout"> 
				<a href="login.php?destroy=true">Log Out</a>
			</div>
		</div>
		
		<?php
			// NOTE(review): upload.php is not visible in this file; presumably it
			// handles the multipart POST from the import form below. Confirm it
			// checks file type and size on the server, since the form's accept
			// attribute and MAX_FILE_SIZE field are only browser-side hints.
			include 'upload.php';
			// message() may call header(), but the markup above has already been
			// emitted at this point, so those headers only take effect when
			// output buffering is enabled.
			message();
		?>
		<a href="managestudents.php">
			<div id="error">
			</div>
		</a>
		<div style="" id="namebar_manage" ></div>
		<div id="body">
		<br/><br/>
			<table align="center" style="width:100%">
				<tr>
					<td style="vertical-align:top;width:50%">
						<div style="background-color: #CCC;font-size:25pt;font-weight:bold;">Students Excel Data</div>
						<table border="0" align="center" style="background:#FFF;width:100%">
							<tr>								
								<td scope="col" style="padding-left:40px;">	
									<form method="post" action="managestudents.php" name="submitform" enctype="multipart/form-data">
										<table border='1' width="100%"><tr><td>
											<a href="managestudents.php?message=export"><input class="exportBtn" type="button" value=""/></a>
										</td><td>
											<input class="form-login" type="file" name="file" accept="application/vnd.ms-excel" style="position:relative;top:5px;"/>
											<input class="impBtn" type="submit" value="" style="position:relative;top:-10px;"/>										
										<input type='hidden' name='MAX_FILE_SIZE' value='2000000'>
										</td></tr></table>
									</form>
									<br/>
								</td>								
							</tr>
						</table>
						<br>
						<table align="center" style="width:100%">
							<tr>
								<div style="background-color: #CCC;font-size:25pt;font-weight:bold;text-align:center;">Add New Student</div>
								<td align="left" style="background:#fff">									
									<form  method="post" action="managestudents.php?message=add" name="addstudentform" onSubmit="return validateForm('addstudentform');" style="padding-left:100px">
										First Name: <input type='text' name='firstname'/> Last Name: <input type='text' name='lastname'/><br/>
										Username:&nbsp;&nbsp;<input type='text' name='username'/> Password:&nbsp;&nbsp;<input type='password' name='password'/><br/>
										Email:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='text' name='email'/><br/>
										<input class="CreateBtn" type='submit' value='' style="margin-left:180px;"/>
									</form>
								</td>
							</tr>
						</table>
					</td>					
					<td align="center" style="width:600px">
						<div style="background-color: #CCC;font-size:25pt;font-weight:bold;">Edit Students</div>
						<table border="1" style="width:100%;background:#fff">							
							<?php
								// Echoes a header row followed by one <tr> per user whose Role is "STU".
								showStudents();
							?>
						</table>
					</td>
				</tr>
			</table>
		</div>

		<div id="bottombg">
			<p>
				<a style="color:#333" href="http://www.qut.edu.au/additional/privacy">Privacy</a> 
				|
				<a style="color:#333" href="http://www.qut.edu.au/additional/copyright">Copyright</a>
				|
				<a style="color:#333" href="http://www.qut.edu.au/additional/disclaimer">Disclaimer</a>
				|
				<a style="color:#333" href="http://www.qut.edu.au/additional/accessibility">Accessibility</a>
			</p>
		</div>
	</body>
</html>